How to Install Elasticsearch on Ubuntu 22.04 | Step-by-Step

July 18th, 2023

In this tutorial, you will learn how to install Elasticsearch on Ubuntu 22.04 server. In addition, you will also learn how to index and manipulate data using the Elasticsearch REST API.

What is Elasticsearch?

Elasticsearch is a free distributed search and analytics engine based on the Apache Lucene Library. It’s a fast and scalable analytics engine that provides an extensive API that allows you to process JSON requests and get feedback in milliseconds. This makes it an ideal choice for data analysis and search use cases.

How does Elasticsearch work?

Elasticsearch is a key component of the ELK Stack (Elasticsearch, Logstash, Kibana), where it is used to index and store data. Instead of tables and schemas, its structure is based on documents where data is stored in key-value pairs.


Before you install Elasticsearch on Ubuntu and start using it, ensure that you have the following set of requirements:

  • A running instance of Ubuntu 22.04 server with at least 2GB RAM and 2 vCPUs.
  • SSH access to the server with a sudo user configured.

Step 1: Install Elasticsearch

Elasticsearch is not officially hosted on Ubuntu's default package repositories. The only approach is to add Elastic’s package source list to the sources list directory. Once added, you can install it using the APT package manager.

To start off, you need to add the Elasticsearch GPG signing key in order to authenticate the Elasticsearch packages. Authenticated packages ensure that your system can trust the integrity of the packages being installed on your system by the package manager.

To add the signing key, import the Elasticsearch public GPG key using the curl command.

curl -fsSL https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

Once the GPG key is added, add the Elastic source list to the sources.list.d directory.

echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list

Next, update the local package lists to notify the system of the newly added repository.

sudo apt update

Then install Elasticsearch using the following command:

sudo apt install elasticsearch

The command installs Elasticsearch and also creates a user and group called elasticsearch.


Step 2: Configure Elasticsearch

Elasticsearch's main configuration file is the elasticsearch.yml file located in the /etc/elasticsearch directory. This is a YAML file that stores cluster, node, memory, path, and network settings. It’s the main configuration file and largely controls how Elasticsearch functions.

A few changes are needed in order to customize Elasticsearch to your own preference. Therefore, access the file using your favorite text editor. In this example, we are using the nano editor.

sudo nano /etc/elasticsearch/elasticsearch.yml

First, specify a cluster name. Take note that a node can only join a cluster if it bears the same cluster name as other nodes in the same cluster.

Scroll to the Cluster section and uncomment the cluster.name directive. Provide a descriptive name for your cluster. For demonstration purposes, we have renamed it my-cluster.

# ---------------------------------- Cluster -----------------------------------
# Use a descriptive name for your cluster:
cluster.name: my-cluster

Next, configure the node name. This is defined by the node.name directive. By default, this is set to node-1. You can configure it manually by uncommenting it and providing your preferred name. Here, we have named it sample-node.

# ------------------------------------ Node ------------------------------------
# Use a descriptive name for the node:
node.name: sample-node

By default, Elasticsearch listens to traffic from localhost or IP address 127.0.0.1. To query another server, set the network.host directive to the corresponding IP address. Scroll down to the Network section and set it to your preferred IP. In our case, we will set it to localhost.

# ---------------------------------- Network -----------------------------------
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
network.host: localhost

Lastly, specify the HTTP port that Elasticsearch listens on. By default, this is port 9200. You can leave it just as it is or provide a different port.

Once you are done modifying the settings, save the changes and exit the configuration file. Next, run the following command to notify the system of the changes made.

sudo systemctl daemon-reload

Next, enable the Elasticsearch service to start on startup.

sudo systemctl enable elasticsearch

Then start the Elasticsearch service as follows. This usually takes roughly a minute, and the command might appear to be stuck or frozen once you press ENTER. So, don’t panic. Some patience will do.

sudo systemctl start elasticsearch

To confirm that Elasticsearch is running, execute the command:

sudo systemctl status elasticsearch

From the output, you can see that Elasticsearch is up and running.
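
A check of the settings edited in this step, as an added example that is not part of the original tutorial: it reads elasticsearch.yml and reports whether the HTTP API is bound beyond loopback while authentication is off. It assumes flat key: value lines and the 7.x behaviour where xpack.security.enabled is false unless set; the function names yml_get and audit_es_config are hypothetical.

```bash
# Added example: audit the Step 2 settings for network exposure.
# Reads flat "key: value" lines only (the packaged file's style).

# yml_get FILE KEY: print the last uncommented value of KEY, if any.
yml_get() {
  awk -v key="$2" '
    {
      sub(/[ \t]*#.*/, "")                 # drop whole-line and trailing comments
      i = index($0, ":"); if (i == 0) next
      k = substr($0, 1, i - 1); v = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k)
      gsub(/^[ \t"]+|[ \t"]+$/, "", v)
      if (k == key) val = v
    }
    END { if (val != "") print val }' "$1"
}

# audit_es_config FILE: print a verdict; return 1 when the HTTP API is
# reachable from other hosts with authentication switched off.
audit_es_config() {
  local host port sec
  host=$(yml_get "$1" network.host); host=${host:-_local_}        # unset = loopback
  port=$(yml_get "$1" http.port);    port=${port:-9200}
  sec=$(yml_get "$1" xpack.security.enabled); sec=${sec:-false}   # assumed 7.x default
  case "$host" in
    localhost|127.*|::1|_local_)
      echo "OK: $host:$port is loopback only"; return 0 ;;
  esac
  if [ "$sec" = "true" ]; then
    echo "WARN: $host:$port is network-facing, authentication enabled"; return 0
  fi
  echo "EXPOSED: $host:$port is network-facing without authentication"; return 1
}

# Constructed sample files: the tutorial's values, then an exposed variant.
demo() {
  local dir; dir=$(mktemp -d)
  printf 'cluster.name: my-cluster\nnode.name: sample-node\nnetwork.host: localhost\n' > "$dir/a.yml"
  printf 'cluster.name: my-cluster\n#network.host: localhost\nnetwork.host: 0.0.0.0\n' > "$dir/b.yml"
  audit_es_config "$dir/a.yml" || true
  audit_es_config "$dir/b.yml" || true
  rm -rf "$dir"
}
demo
```

Point audit_es_config at /etc/elasticsearch/elasticsearch.yml from a shell that can read the file.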


Step 3: Test Elasticsearch

Up to this point, Elasticsearch is installed and running on port 9200, which is its default port. The easiest way to test if Elasticsearch is working is to query the Elasticsearch server by sending a GET request using the curl command as follows.

curl -X GET 'http://localhost:9200'

If your installation went along well, you should get the following output in JSON format, which displays server details.


For in-depth information about the Elasticsearch server, run the following command:

curl -X GET 'http://localhost:9200/_nodes?pretty'

The ?pretty directive formats the output into a human-readable format.

Step 4: Configure UFW firewall

As it stands, the Elasticsearch HTTP API can be accessed by anyone who has your server's IP. You may want to restrict access to just your IP address and not everyone else.

You can do this by configuring the UFW firewall by applying the following rule where [your-ip-address] is your public IP address.

sudo ufw allow from [your-ip-address] to any port 9200

To add another IP address, run the same command again, this time using a different IP address.

If the firewall is not enabled, be sure to enable it.

sudo ufw enable

Reload the firewall for the rule to take effect.

sudo ufw reload

Then verify the firewall status.

sudo ufw status
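
To confirm that the rule set does what this step intends, the following added example (not part of the original tutorial) reads `ufw status verbose` output and fails if the firewall is inactive, the default incoming policy is not deny, or port 9200 is allowed from Anywhere. The function names and both sample outputs are constructed for illustration, and the SSH check assumes SSH is on 22/tcp or uses the OpenSSH profile.

```bash
# Added example: audit `ufw status verbose` output for the port 9200 rule.
# The two sample outputs are constructed; 203.0.113.10 is a documentation address.
sample_scoped() { cat <<'EOF'
Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
9200                       ALLOW IN    203.0.113.10
EOF
}
sample_open() { cat <<'EOF'
Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
9200                       ALLOW IN    203.0.113.10
9200                       ALLOW IN    Anywhere
EOF
}

# check_es_firewall: read the status text on stdin, print findings, and
# return 0 only when 9200 is reachable from explicitly listed sources.
check_es_firewall() {
  awk -v port=9200 '
    /^Status:/  { active = ($2 == "active") }
    /^Default:/ { deny_in = ($2 == "deny" || $2 == "reject") }
    $1 == port || index($1, port "/") == 1 {
      if (/ALLOW/ && /Anywhere/) open = 1
      else if (/ALLOW/) scoped++
    }
    $1 ~ /^(22|22\/tcp|OpenSSH)$/ && /ALLOW/ { ssh = 1 }
    END {
      if (!active)            { print "FAIL: ufw is not active"; bad = 1 }
      if (active && !deny_in) { print "FAIL: default incoming policy is not deny"; bad = 1 }
      if (open)               { print "FAIL: port " port " is allowed from Anywhere"; bad = 1 }
      if (active && !ssh)       print "NOTE: no allow rule for SSH (22/tcp or OpenSSH)"
      if (!bad) print "OK: port " port " limited to " (scoped + 0) " source rule(s)"
      exit bad + 0
    }'
}

sample_scoped | check_es_firewall || true
sample_open   | check_es_firewall || true
# On the server: sudo ufw status verbose | check_es_firewall
```

The NOTE line matters on a server you reach over SSH: with a default deny policy and no SSH allow rule, new SSH sessions are blocked once the firewall is enabled.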

Step 5: Working with Elasticsearch

Elasticsearch uses a RESTful API that allows it to perform basic operations that correspond to CRUD operations, such as create, read, update, and delete. The HTTP methods equivalent to these operations are POST, GET, PUT, and DELETE, respectively.

To start using Elasticsearch, you need to populate an index with some data first. An index is the equivalent of a database in a relational database. It is a collection of documents, each with fields organized into key-value pairs that contain data.

To create a document, you need to send a PUT request to the API with the curl command, specifying the index name, type, and ID.

Let us index something. In the command below, we are creating an index called movies and of type genre with an ID of 1. The index stores information about a movie in JSON format.

curl -XPOST -H "Content-Type: application/json" 'http://localhost:9200/movies/genre/1' -d \
'{
    "title": "Designated Survivor",
    "director": "David Guggenheim",
    "year": 2016,
    "genre": ["Drama", "Crime"]
}'

You should get the output like what we have.


To retrieve this entry, send an HTTP GET request as follows.

curl -X GET -H "Content-Type: application/json" 'http://localhost:9200/movies/genre/1' 

You should get the following output.


Now we will modify the entry using the HTTP PUT request.

curl -X PUT -H "Content-Type: application/json" 'http://localhost:9200/movies/genre/1?pretty' -d \
'{
    "title": "Shooter",
    "director": "Antoine Fuqua",
    "year": 2007,
    "genre": ["Drama", "Crime"]
}'

Elasticsearch will acknowledge the changes made and display the following output. After the modification of the movie records, notice that the version number has automatically increased to 2. This indicates that a modification has been made to the document.


To verify the changes made, view the records by sending a GET request.

curl -X GET -H "Content-Type: application/json" 'http://localhost:9200/movies/genre/1?pretty'

The ?pretty portion at the end of the command formats the output into a more human-readable format.



After completing each step in this tutorial, you have successfully installed and configured Elasticsearch and tested its functionality using the HTTP POST, GET and PUT methods.

For more information about Elasticsearch, refer to the official Elasticsearch documentation.

Winnie is a seasoned Linux Systems administrator, currently specializing in writing technical Linux tutorials. With over seven years of experience in deploying and working with major Linux distributions such as Ubuntu, Debian, RHEL, OpenSUSE, and ArchLinux, she has written detailed and well-written "How to" Linux guides and tutorials. Winnie holds a Bachelor's Degree in Computer Science from Masinde Muliro University, Kenya and resides in Nairobi, Kenya. She is an expert in authoring Linux and DevOps topics involving Docker, Ansible, and Kubernetes. She currently works as a freelance technical writer and consultant. In her previous roles, she worked in the capacity of an IT support specialist and Linux administrator. Her key roles included offering level 1 and 2 support to both in-house and remote staff and managing and monitoring Linux servers.
